本文探讨了PeopleSoft系统中如何记录用户的登录尝试及位置信息。除了PSOPRDEFN表外,PSACCESSLOG表还提供了关于用户登录活动的详细信息,包括操作员ID、登录IP地址、登录和登出时间等。
This question came up during the recent application security audit – how does PeopleSoft track user sign in attempts and locations.
Aside from the obvious PSOPRDEFN table there is PSACCESSLOG – this table has OPRID, LOGIPADDRESS, LOGINDTTM, LOGOUTDTTM columns that give you information about user sign on activity. LOGIPADDRESS will contain the RemoteAddr property of %Request object, which is also useful in case you validate user ip address at the sign on. The only problem this could pose is in case your users are behind a single or multiple gateways that perform NAT. Then the value of this field would contain those NATed ip addresses and not the actual user ip addresses.
扫一扫
1601
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
